[packages/freerdp2] up to 2.4.1

Thu Oct 21 11:41:34 CEST 2021

commit 12f07fad925f1c1c0c97132b80d0bbbca73c1aaa
Author: Jan Palus <atler at pld-linux.org>
Date:   Thu Oct 21 11:41:21 2021 +0200

    up to 2.4.1

 freerdp2.spec  |   8 ++-
 openssl3.patch | 150 ---------------------------------------------------------
 2 files changed, 3 insertions(+), 155 deletions(-)
---

diff --git a/freerdp2.spec b/freerdp2.spec
index ddc2bb4..9218e1b 100644
--- a/freerdp2.spec
+++ b/freerdp2.spec
@@ -36,16 +36,15 @@
 Summary:	Remote Desktop Protocol client
 Summary(pl.UTF-8):	Klient protokołu RDP
 Name:		freerdp2
-Version:	2.4.0
-Release:	3
+Version:	2.4.1
+Release:	1
 License:	Apache v2.0
 Group:		Applications/Communications
 Source0:	https://pub.freerdp.com/releases/freerdp-%{version}.tar.gz
-# Source0-md5:	fb5556945b41dad362a03b23f330b971
+# Source0-md5:	a46c2fd303b9c131120162377e962dbb
 Patch0:		freerdp-opt.patch
 Patch1:		freerdp-gsm.patch
 Patch2:		docbook-xsl.patch
-Patch3:		openssl3.patch
 URL:		http://www.freerdp.com/
 %{?with_directfb:BuildRequires:	DirectFB-devel}
 %{?with_opencl:BuildRequires:	OpenCL-devel}
@@ -196,7 +195,6 @@ wykorzystujących biblioteki FreeRDP 2.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
 
 cat << EOF > xfreerdp.desktop
 [Desktop Entry]
diff --git a/openssl3.patch b/openssl3.patch
deleted file mode 100644
index 8c4c74c..0000000
--- a/openssl3.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy at redhat.com>
-Date: Wed, 12 May 2021 12:48:15 +0200
-Subject: [PATCH] Fix FIPS mode support and build with OpenSSL 3.0
-
-FreeRDP fails to build with OpenSSL 3.0 because of usage of the `FIPS_mode`
-and `FIPS_mode_set` functions, which were removed there. Just a note that
-the FIPS mode is not supported by OpenSSL 1.1.* although the mentioned
-functions are still there (see https://wiki.openssl.org/index.php/FIPS_modules).
-Let's make FreeRDP build with OpenSSL 3.0 and fix the FIPS mode support.
-
-See: https://bugzilla.redhat.com/show_bug.cgi?id=1952937
----
- winpr/libwinpr/utils/ssl.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
-index 3a859039034..03b23af43ac 100644
---- a/winpr/libwinpr/utils/ssl.c
-+++ b/winpr/libwinpr/utils/ssl.c
-@@ -244,9 +244,17 @@ static BOOL winpr_enable_fips(DWORD flags)
- #else
- 		WLog_DBG(TAG, "Ensuring openssl fips mode is ENabled");
- 
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+		if (!EVP_default_properties_is_fips_enabled(NULL))
-+#else
- 		if (FIPS_mode() != 1)
-+#endif
- 		{
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+			if (EVP_set_default_properties(NULL, "fips=yes"))
-+#else
- 			if (FIPS_mode_set(1))
-+#endif
- 				WLog_INFO(TAG, "Openssl fips mode ENabled!");
- 			else
- 			{
-From 0c81c73c8d770fd5ffbc541dc176da515b66686b Mon Sep 17 00:00:00 2001
-From: Mike Gilbert <floppym at gentoo.org>
-Date: Sun, 1 Aug 2021 12:14:43 -0400
-Subject: [PATCH] winpr: avoid calling FIPS_mode() with OpenSSL 3.0
-
-Fixes: 26bf2816c3e0daeaf524c47cf0fcda8ae13b65ad
----
- winpr/libwinpr/utils/ssl.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/winpr/libwinpr/utils/ssl.c b/winpr/libwinpr/utils/ssl.c
-index 03b23af43ac..74ef156e7b0 100644
---- a/winpr/libwinpr/utils/ssl.c
-+++ b/winpr/libwinpr/utils/ssl.c
-@@ -364,6 +364,8 @@ BOOL winpr_FIPSMode(void)
- {
- #if (OPENSSL_VERSION_NUMBER < 0x10001000L) || defined(LIBRESSL_VERSION_NUMBER)
- 	return FALSE;
-+#elif defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+	return (EVP_default_properties_is_fips_enabled(NULL) == 1);
- #else
- 	return (FIPS_mode() == 1);
- #endif
-From a79e09d97435bfdf4fdd439d76d847ba8dcbb445 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy at redhat.com>
-Date: Tue, 3 Aug 2021 08:39:21 +0200
-Subject: [PATCH 1/2] winpr/crypto: Exit cleanly when EVP_EncryptInit_ex fails
-
-The `EVP_EncryptInit_ex` function may fail in certain configurations.
-Consequently, FreeRDP segfaults in `EVP_CIPHER_CTX_set_key_length`.
-Let's handle the `EVP_EncryptInit_ex` failures and exit cleanly in
-such case.
----
- winpr/libwinpr/crypto/cipher.c | 13 +++++++++++--
- 1 file changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c
-index c47595b145d..bd52cfeedb6 100644
---- a/winpr/libwinpr/crypto/cipher.c
-+++ b/winpr/libwinpr/crypto/cipher.c
-@@ -66,7 +66,12 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO
- 		return NULL;
- 
- 	EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*)ctx);
--	EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, evp, NULL, NULL, NULL);
-+	if (EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, evp, NULL, NULL, NULL) != 1)
-+	{
-+		EVP_CIPHER_CTX_free ((EVP_CIPHER_CTX*)ctx);
-+		return NULL;
-+	}
-+
- 	/* EVP_CIPH_FLAG_NON_FIPS_ALLOW does not exist before openssl 1.0.1 */
- #if !(OPENSSL_VERSION_NUMBER < 0x10001000L)
- 
-@@ -75,7 +80,11 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO
- 
- #endif
- 	EVP_CIPHER_CTX_set_key_length((EVP_CIPHER_CTX*)ctx, keylen);
--	EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, NULL, NULL, key, NULL);
-+	if (EVP_EncryptInit_ex((EVP_CIPHER_CTX*)ctx, NULL, NULL, key, NULL) != 1)
-+	{
-+		EVP_CIPHER_CTX_free ((EVP_CIPHER_CTX*)ctx);
-+		return NULL;
-+	}
- #elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C)
- 
- 	if (!(ctx = (WINPR_RC4_CTX*)calloc(1, sizeof(mbedtls_arc4_context))))
-
-From e1f63dba5c63302b8a5e9d33c9ffe5580105de72 Mon Sep 17 00:00:00 2001
-From: Ondrej Holy <oholy at redhat.com>
-Date: Tue, 3 Aug 2021 08:47:13 +0200
-Subject: [PATCH 2/2] winpr/crypto: Load legacy provider to fix rc4 with
- OpenSSL 3.0
-
-Currently, the `EVP_EncryptInit_ex` function fails for rc4 with OpenSSL 3.0.
-This is becuase rc4 is provided by the legacy provider which is not loaded
-by default. Let's explicitly load the legacy provider to make FreeRDP work
-with OpenSSL 3.0.
-
-Relates: https://github.com/openssl/openssl/issues/14392
-Fixes: https://github.com/FreeRDP/FreeRDP/issues/6604
----
- winpr/libwinpr/crypto/cipher.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c
-index bd52cfeedb6..75d25a1c79c 100644
---- a/winpr/libwinpr/crypto/cipher.c
-+++ b/winpr/libwinpr/crypto/cipher.c
-@@ -29,6 +29,9 @@
- #include <openssl/rc4.h>
- #include <openssl/des.h>
- #include <openssl/evp.h>
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+#include <openssl/provider.h>
-+#endif
- #endif
- 
- #ifdef WITH_MBEDTLS
-@@ -57,6 +60,12 @@ static WINPR_RC4_CTX* winpr_RC4_New_Internal(const BYTE* key, size_t keylen, BOO
- 
- #if defined(WITH_OPENSSL)
- 
-+
-+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
-+	if (OSSL_PROVIDER_load(NULL, "legacy") == NULL)
-+		return NULL;
-+#endif
-+
- 	if (!(ctx = (WINPR_RC4_CTX*)EVP_CIPHER_CTX_new()))
- 		return NULL;
- 
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/freerdp2.git/commitdiff/12f07fad925f1c1c0c97132b80d0bbbca73c1aaa

